Vulnerability Description
A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially compromising the system’s confidentiality, integrity, and availability.
Related Weaknesses (CWE)
References
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-3030.html
- https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-4017.html
FAQ
What is CVE-2026-0438?
CVE-2026-0438 is a documented vulnerability. A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity a...
How severe is CVE-2026-0438?
CVSS scoring is not yet available for CVE-2026-0438. Check NVD for updates.
Is there a patch for CVE-2026-0438?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.